<?php
/**
 * user identity
 * 用户验证
 *
 * 以域验证为主，数据库验证为备份
 * @author jiaoba@taobao.com
 * @version 1.0
 */
class UserIdentity extends CUserIdentity
{
    private $_id;
    public $realname;
    public $domain;

    const INFO_USER_INACTIVE = 10;
    /**
     * construct function
     * 构造函数
     *
     * 用户验证用户名忽略大小写
     */
    public function __construct($username, $password, $domain)
    {
        $username = strtolower($username);
        $this->domain = $domain;
        parent::__construct($username, $password);
    }

    /**
     * authenticate
     * 用户验证
     *
     * 首先通过域验证，如果域验证失效，则启用数据库验证
     * 每次通过域验证都将密码更新保存在数据库中
     */
    public function authenticate()
    {
        $user = Users::model()->findByAttributes(array('username' => $this->username, 
            'domain' => $this->domain/*, 'status' => Users::STATUS_AVAILABLE*/));
        if($user === null)
        {
            $user = new Users();
            //set user attributes
            $ldap = new Ldap($this->domain . "\\" . $this->username, $this->password);
            //$userInfo = $ldap->search($this->domain, $this->username);
            $userInfo = $ldap->search('taobao-hz', 'linhan');
            if(Ldap::ERROR_CONNECT == $ldap->errorCode)
            {
                $this->errorCode = self::ERROR_UNKNOWN_IDENTITY;
            }
            elseif(Ldap::ERROR_BIND == $ldap->errorCode)
            {
                $this->errorCode = self::ERROR_USERNAME_INVALID;
            }
            else
            {
                if(empty($userInfo))
                {
                    $this->errorCode = self::ERROR_USERNAME_INVALID;
                }
                else
                {
                    $user->username = $userInfo->username;
                    $user->password = md5($this->password);
                    $user->domain = $this->domain;
                    $user->realname = $userInfo->realname;
                    $user->email = $userInfo->email;
                    //$user->role = Users::ROLE_USER;
                    $user->role = 1;
                    //$user->status = Users::STATUS_DISABLE;
                    $user->status = 0;
                    if ($ret=$user->save())
                    {
                        $msg = 'Create User #' . $user->id . ' ' . $user->username . ' with LDAP Info.';
                        Yii::log($msg, 'trace', 'ts.admin.UserController.actionCreate');
                        Yii::log("--true--", 'info', 'ts.admin.debug');    
                        $this->errorCode = self::INFO_USER_INACTIVE;
                    }
                    else
                    {
                        Yii::log("5.4-$ret", 'info', 'ts.admin.debug');
                        $this->errorCode = self::ERROR_UNKNOWN_IDENTITY;
                    }
                }
            }
        }
        else
        {
            if ($user->status == Users::STATUS_DISABLE)
            {
                $this->errorCode = self::INFO_USER_INACTIVE;
            }
            else
            {
                $ldap = new Ldap($this->domain . "\\" . $this->username, $this->password);
                $userInfo = $ldap->search($this->domain, $this->username);
                if (Ldap::ERROR_CONNECT == $ldap->errorCode)
                {
                    $this->errorCode = self::ERROR_UNKNOWN_IDENTITY;
                }
                elseif (Ldap::ERROR_BIND == $ldap->errorCode)
                {
                    if (md5($this->password) !== $user->password)
                    {
                        $this->errorCode = self::ERROR_PASSWORD_INVALID;
                    }
                    else
                    {
                        $this->_id = $user->id;
                        $this->username = $user->username;
                        $this->realname = $user->realname;
                        $this->errorCode = self::ERROR_NONE;
                        $user->save();
                    }
                }
                else
                {
                    if (empty($userInfo))
                    {
                        $this->errorCode = self::ERROR_PASSWORD_INVALID;
                    }
                    else
                    {
                        $this->_id = $user->id;
                        $this->realname = $userInfo->realname;
                        $this->errorCode = self::ERROR_NONE;

                        $user->realname = $userInfo->realname;
                        $user->password = md5($this->password);
                        $user->save();
                    }
                }
            }
        }
        return !$this->errorCode;
    }

    public function getId()
    {
        return $this->_id;
    }
}
?>
